A-Z of cyber security
It goes without saying, but we should all be aware of cyber security. Not least because thousands of businesses are targeted every year, with malicious attacks made on their computers and IT network. If not prevented, these attacks can cause a sizeable financial loss, as well as breaching security and confidentiality. In fact, the damage to a firm’s reputation as a result of an attack can be as devastating as having money stolen.
In spite of its relevance to all of us, cyber security has developed technical terminology that can be baffling to the outsider. Here are a few of the more commonly used terms in this vital area.
The process of confirming that a computer user is who they claim to be and that they are allowed to access a particular network, service or file. Two-factor authentication is when two separate forms of identification are required for additional security, e.g. a password and a security question.
Business continuity planning
The process of preparing for any event that could majorly disrupt the running of a business. This includes ensuring that core business functions can be maintained or restored as quickly as possible.
Cyber liability insurance
This is designed as a safety net if your cyber security measures fail and your system is breached. It can provide cover for both your business and any third-parties affected. You can read more about what’s covered on our cyber liability page.
A central computer that allows other network users to access shared files.
Encryption is a form of cryptography that prevents unauthorised parties from reading a message that has been coded. It is done using algorithms to create a ciphertext that can only be decrypted by those that have the correct key.
A firewall is the first line of defence in any cyber security system and should block access from unauthorised users or programs to your computer. It is essential to keep this up to date.
This is a method of measuring the difference, or gap, between actual performance and the expected or required performance of a system in any given situation. It is one of the methods used in putting together a business continuity or disaster recovery plan.
A hacker is anyone who attempts to gain unauthorised access to a computer or IT system. If this attempt is successful, then the computer or system is said to have been hacked, and most likely compromised as a result.
Establishing the identity of a user or a program through identification is of paramount importance in establishing whether they are authorised for access. Identity is generally established by a combination of username and password. Identity theft is a common aim of cyber-attacks. As a result users or programs may not be who or what they appear.
Jamming is a method of maliciously interrupting methods of communication by flooding the system or by attacking protocols. It may be used as a smokescreen for other attacks.
A keystroke is the act of tapping a key when typing on a computer keyboard. Some malicious programs or devices log keystrokes to obtain passwords or other confidential information.
The principle of least privilege is an important part of maintaining cyber security by granting access to information and functions on a strictly ‘need to know’ basis within a particular network.
Malicious software, commonly known as malware, is a type of program designed to infect and damage computers.
A computer network is a group of linked computers and/or other IT systems and devices that are able to communicate with each other and share resources. Once one of these systems is successfully hacked the rest of the network can be compromised.
Outsourcing is the process of using an outside third-party to provide certain services for your company. That can increase the level of risk for your business. Cyber security solutions are also often outsourced to specialist contractors.
A method of trying to fraudulently obtain confidential information by sending out ‘scam’ emails. They may appear legitimate but aren’t, usually containing a link to a malicious website. An example would be an email that appears to be from your bank, urging you to click on a link to a website that also appears to belong to the bank, where you enter your details and/or password.
If a file has been corrupted or infected, the best approach may be to quarantine it by cutting it off from the rest of the computer or network.
To restore is to recover data or information following a computer failure or other incident. This is not always possible, which is why all important files should be securely backed up.
This is a form of malware that infiltrates your computer and passes on information to an unauthorised third party.
Named after the Trojan Horse of Greek mythology, a Trojan is a form of malware that pretends to be something other than it is to get you to download it. These often open a ‘backdoor’ on your device allowing an unauthorised user access to your computer’s data and functions.
A user account is a computer’s record of a user, their identity, password, privileges and so on, which determines whether they can access certain functions and programs.
A computer virus is a form of malware that replicates itself once it is on your computer, modifying or corrupting existing programs and files until the computer is thoroughly infected. Up-to-date antivirus software is essential to protect your system against this kind of attack.
A computer worm is a specific form of malware or virus that replicates itself across an entire network of computers or devices, causing harm to the network as a whole.
X is often used to symbolise the unknown. We can never know what threats may be out there, so it is vital to be prepared and to keep our networks as secure as possible.
It’s up to you to take personal responsibility for your cyber security and to make sure that everyone else on your team is also properly educated and trained in this area.
A zombie is a computer within your network that has been compromised or taken over by a third-party, using malware. That machine poses a threat to the entire network, as it is the source of further attacks, often without the authorised user being aware of it.